Saturday, 24 January 2009

Data backups are an essential element of good storage security, but they're often vulnerable to attacks. In fact, a significant percentage of security breaches can be attributed to the mismanagement and mishandling of data backups. Millions of records have been compromised in 2008 alone in backup-related gaffes. And these are just the known breaches affecting personal information. There's little doubt that unknown and unreported data backup-related compromises affecting all types of sensitive information - including intellectual property - are just as plentiful.

Many storage professionals responsible for backups believe that the mere existence of a process for replicating sensitive data is all that's needed to keep the organization secure. But that's only half the battle. It's what can be done with the data backups after the fact that introduces an entirely different set of risks that are often overlooked.

Here are 10 ways you can ensure that your data backups are secure:

Ensure your security policies (from access controls to physical security to system monitoring) include backup-related systems within their scope.

Assign backup software access rights only to those who have a business need to be involved in the backup process. Be sure not to overlook any Web-based interfaces that provide backup access, and keep your original backup software media secured as well.

Store your backups offsite or at least in another building: often ignored but most important!

However you choose to store your backups - be it on tape, network-attached storage, or external drives - be sure to control access to the room/car/house in which the backups are stored. Handle your backup media as you would any other critical hardware.

Use a fireproof and media-rated safe. Many people store their backups in a "fireproof" safe, but typically one that's only rated for paper storage. Don't do this!!

Find out the security measures that your vendors for offsite storage, data center and courier services are taking to ensure that your backups remain safe in their hands.

Password-protect your backups at a minimum. Passwords aren't foolproof, because some people with special skills and tools may be able to crack them, but password protection at least provides a layer of security that should be considered.

Encrypt your backups if your software and hardware support it. Encryption implemented and managed in the right way serves as an excellent last layer of defense. It also helps provide peace of mind knowing that the worst outcome is that you'll have to buy new backup media - especially when it comes to compliance and data breach notifications.

Your backups are only as good as what's on the backup media. There are two sides to this coin. First, make sure you're backing up everything that's important. Second, test your backups occasionally - especially if you're using tape.

Source: Excerpts from an article by Kevin Beaver, an independent information security consultant, published in TechTarget
